Back to skill

Security audit

Apple Docs

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Apple documentation lookup tool, but one documented command can be used to fetch arbitrary web URLs beyond Apple documentation.

Install only if you are comfortable with a read-only docs tool that makes outbound requests. Prefer using Apple Developer documentation paths and WWDC commands; be cautious about letting an agent pass full URLs to the doc command because it can retrieve non-Apple or internal network content if reachable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill explicitly states it uses native fetch and links to an external MCP server, which indicates network access despite no declared permissions. Undeclared network capability weakens transparency and policy enforcement, and could allow external data retrieval or metadata leakage without users or the platform clearly understanding that behavior.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `doc` command accepts any `http`/`https` URL via `path.startsWith('http') ? path : ...`, then fetches it with `getAppleDocContent()`. This turns a documentation-specific skill into a general-purpose network fetcher, which can bypass intended domain restrictions and be abused to retrieve arbitrary remote content under the agent's network permissions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.